User:Alvonruff/HTTPS Notes

Jump to navigation Jump to search


  • dnf install mod_ssl
  • systemctl restart httpd
  • httpd -M
  • cd /etc/httpd/conf.d
  • Create file
  • Add the following contents:
<VirtualHost *:80>
    DocumentRoot /var/www/html
    ErrorLog /var/www/error.log
    CustomLog /var/www/requests.log combined
    Redirect permanent /
  • systemctl restart httpd

Certificate Support Software

  • dnf install epel-release
  • dnf install snapd
  • dnf install certbot
  • dnf install python3-certbot-apache


  • certbot --apache
    • Select
  • systemctl restart httpd


  • Change PROTOCOL in to "https"
  • Change $wgServer in /var/www/html/wiki/LocalSettings.php to use https
  • Go to the wiki and type MediaWiki:Sidebar in the search window. Edit that page and change http to https

The New Password Algorithm

This code replaces the current version in

                wikiPass = record[0][1]

                # Extract the various fields stored in the user_password field
                fields = string.split(str(wikiPass), ":")
                encryption = fields[1]
                hashAlgo = fields[2]
                cost   = int(fields[3])
                keylen = int(fields[4])

                # Decode the salt and key fields
                base64_salt   = fields[5]
                base64_key    = fields[6]
                salt          = base64.b64decode(base64_salt)
                dbaseKey      = base64.b64decode(base64_key)

                submittedKey = pbkdf2_hmac(hashAlgo, password.encode('utf-8'), salt, cost)
                if binascii.hexlify(submittedKey) != binascii.hexlify(dbaseKey):
                        doError('Bad password')

Certificate Renewals

The current status of the certificates can be seen with: certbot certificates

A renewal can be performed with: /usr/bin/certbot renew --cert-name

This does renew both and

Issues to Resolve

None now.

Areas of Deeper Study